Gravity Bridge, a cross-chain protocol linking Ethereum and Cosmos, was drained of roughly $5.4 million in an exploit, prompting validators to halt the bridge.
Onchain analyst Specter flagged the incident, suggesting the bridge contract key was compromised. Security firm PeckShield confirmed the attack, detailing losses: $4.3 million in USDC, 274 Wrapped Ether (WETH) worth about $553,000, $434,000 in USDT, and 14.164 PAX Gold (PAXG) tokens valued at $64,000.
PeckShield noted some stolen funds were laundered through ChangeNow and Binance, with the theft wallet still holding 2,102 ETH.
Gravity Bridge acknowledged the incident, instructing validators to halt operations while investigating. Unlike many bridges that rely on centralized controls, Gravity Bridge uses its full validator set to authorize transfers, aiming for decentralization.
The native token Graviton (GRAV) fell 4% to $0.0007053.
This exploit adds to growing institutional concerns over bridge security. According to JPMorgan analysts, bridging attacks remain a key barrier to DeFi scaling for institutional demand. Earlier in 2026, eight major bridge exploits resulted in $328.6 million in cumulative losses.